Discussion Forum

jmason03

Member

Registered: January 9, 2014

Posts: 123

HTTPS and Module Embed Forms

I have a module embed form on a page that I'm trying to access using https. I'm getting a mixed content error because in core/admin/ajax/auto-modules/embeddable-form.php it is using admin_root to add the protocol which is always http even if the user is trying to view over https. I tried (just for kicks) changing the domain from admin_root to my domain using https but then I just get even more mixed content errors and it fails to load any other files like the CSS or any JS helper/library file.

I also tried calling the makeSecure() function at the top of the page but that didn't help either.

So I was wondering if you had any thoughts on how I could get every protocol to change on the files that are included or retrieved to use https?

Thanks

timbuckingham

Administrator

From: Baltimore, MD

Registered: April 2, 2012

Posts: 974

Re: HTTPS and Module Embed Forms

Ok, I did some testing today and here's my observations:

• Gravatar is causing mixed content warnings when accessing the admin with your admin_root set to https -- This will be fixed when I get an SSL certificate for bigtreecms.org (so that the default gravatar loads over https as well if you don't have one setup for a user)

• If you setup your admin_root to be https:// and your www_root isn't, you can't get to your admin -- This is fixed through a new /site/index.php change

If you do setup both www_root and admin_root to be over https, embeddable forms do seem to work properly without mixed content warnings. You'd probably also need to setup static_root to be over https if you're cropping images.

The code change for /site/index.php to properly route the admin over HTTPS but not the whole front end lies in changing the "$parts_of_admin =" line to these three lines:

$generic_www_root = str_replace(array("http://","https://"),"",$bigtree["config"]["www_root"]);
$generic_admin_root = str_replace(array("http://","https://"),"",$bigtree["config"]["admin_root"]);
$parts_of_admin = explode("/",trim(str_replace($generic_www_root,"",$generic_admin_root),"/"));

I honestly have no idea why /site/index.php has all this logic code outside of the /core/ folder. I plan to make /site/index.php a "dumb" file that loads a core file for logic in the 4.1.6 / 4.2 releases, but obviously that doesn't help any existing installations. Sorry!

If I'm still missing something and/or these solutions don't work for you let me know

jmason03

Member

Registered: January 9, 2014

Posts: 123

Re: HTTPS and Module Embed Forms

I replaced the code with what you provided but it still gives me a Mixed Content error when requesting admin/ajax/auto-modules/embeddable-form/?hash=54bc157a14c11 and the file the error is coming from is embeddable-form.js so the admin_root variable being used as part of the iframe source on line 1 is still not switching to https. Hopefully this helps but if you need anymore information just let me know.

Thanks for working on this.

timbuckingham

Administrator

From: Baltimore, MD

Registered: April 2, 2012

Posts: 974

Re: HTTPS and Module Embed Forms

So you changed $bigtree["config"]["admin_root"] to an https:// URL and you're still not seeing it reflected in embeddable-form.js? Any chance an old version is stuck in your cache?